Port mirroring 2nd Nic, sles 10, running VMware Server.

Hi,
  As I get it, you have a host server as SLES 10 and you wish to have Ubuntu  Virtual Machine with SNort running.

 You have solution depending on what networking you use for the virtual machine.

(1) If you have used the "Bridged Connection", then you already have a IP from the router, which you can use for monitoring

(2) If you have used "Nat Connection".. you can use the nat config that is shipped with vmware.. to do the port forwarding. Here is a example: http://www.howtogeek.com/howto/vmware/allow-access-to-a-vmware-virtual-machinenat-from-another-computer/

(3) If you use host-only networking.. you will have to put the port forwarding using iptables or firewall on your host.

As far as the second NIC is concerned.. you have to choose the second nic for networking on your vmware network settings.

More info regarding your setup and ports.. will be required to give you a detailed solution

I have Bridged networking setup, and the Ubuntu Snort Guest VM will have it's own IP Address.
So i just plug the RJ45 in to the 2nd nic, which is connected to the port 23 on the switch,  which is mirroring port 22 on switch, and I do nothing in SUSE to configure it?

Do i have to use any switches / configuration in my VM Guest ( Ubuntu) config file to setup it to see the port mirrored port?

For snort (VMware Guest, Ubuntu)  to have a network address I would configure eth0 in ( VMware Guest, Ubuntu) to point to eth0 in SUSE ( VMware host) and for Snort, ( VMware Guest, Ubuntu) to Sniff, I configure eth1(VMware Guest, Ubuntu) to point to eth1 in SUSE ( VMware host), which would be the port mirroring port ?

I had to do "ifconfig eth1 -promisc" then "ifconfig eth1" up on both the host system and the guest


You would have to do this for every boot.


Unless anyone knows how to do this automatically.


Thanks

I got the answer I needed on this post

http://communities.vmware.com/message/978721

Up to you how you assign points.